argus-3.0 conformance testing and website repository
Richard Bejtlich
taosecurity at gmail.com
Sat Jun 24 14:16:13 EDT 2006
On 6/24/06, carter at qosient.com <carter at qosient.com> wrote:
> What that means, is you get one argus record for each event that arpwatch would generate, for the entire day.
>
> A rarpwatch() program is a no brainer, just using racluster() and perl.
>
> What I was suggesting, is that argus does a lot more than just IP flows, and we should find tools that get close to the same type of function, in order to test them as well.
>
Hi Carter,
I meant I was not sure how we could have other tools handle layer 2.
I knew Argus was already collecting layer 2 -- another reason Argus is
so cool.
Thank you,
Richard
More information about the argus
mailing list